ERM vs. Internal Audit: Differences and Overlaps
Kuwait ERM Conference, March 2015
Evolving expectations: Risk Management Programs

Organisations today are struggling to manage risks effectively across the enterprise. Rapidly changing business trends and technological innovations have significantly changed the risk landscape. Companies lagging behind the innovation curve increase their vulnerability to these proliferating risks.

Risk Management Programs must continually reassess how to effectively and efficiently meet key strategic objectives:
- Intensification of growth expectation
- Regulation increases
- Additional technology innovations entering the market

Amid these challenges, most organisations' Risk functions are still struggling to provide the expected value, both in fulfilling their tasks and in realising savings.

Page 2 Kuwait 3rd ERM Conference - 2015
Key transformational levers

Levers critical in enabling successful risk transformations that improve business performance:
- Using an integrated risk management approach
  Dynamic Management, aligning strategic risks and business performance measures across the organisation: identifying, managing and monitoring the rapidly evolving strategic and business risk profile.
- Simplifying Risk Management processes
  Companies with successful GRC align the mandates and scope of their GRC functions, coordinating infrastructure and people, and leveraging consistent methods and practices.
- Embracing enabling technology
  GRC Technology, Data Risk Analytics & Visualization and Predictive analytics are all now fundamental in an effective risk management program.
Using an integrated risk management approach
Core risk strategy components

Aligning the multiple functions responsible for risk in how they handle strategic and preventable risks and standardising key elements of their processes will make decision-making quicker and more effective, as well as help avoid unnecessary costs. The following core risk strategy components are critical:
- Enterprise-wide risk and control governance model
- Risk building blocks focused on risk strategy, identification, assessment and governance
- Convergence of GRC functions and activities
Convergence - Core risk strategy components

Consolidating and standardising activities under internal audit, internal controls, legal compliance, ERM, etc. decreases costs, drives enhanced integration, and maximises the value of risk management activities.
Our response: Integrated Risk Transformation

[Figure: Integrated Risk Transformation diagram. Labels: Security Governance; Operational Resilience; Business Continuity; Data and Information Privacy; Monitoring and Compliance; IT and Operational Technology; Disaster Recovery; Infrastructure, Perimeter, Network and Device Security; Reduced Silo Operations; Strategic Risks; Preventable Risks; External Risks; Unified Risk Platform; Technical Capability Monitoring and Servicing; Risk Management Where it Matters; Risk Strategy; Business Strategy; Big Data; Operational Speed and Efficiency; GRC Process and Technology Enablement; Integrated Analytical Reporting; Cost Effective Risk Management; Internal Audit; Compliance; Risk Governance; HSE; Internal Controls; Data Risk Governance; Data and Risk Analytics; Risk Information Systems; Reporting and Dashboarding]

A comprehensive, unified and integrated risk platform, aligned with the enterprise risk and business strategy, with the goal to leverage the commonalities of the risk treatment program, and enabled by a common framework, unified technology platform and advanced, up-to-the-minute monitoring and reporting via risk and visualization analytics.
Conclusion
Transform your RM program to realise resilience, savings and improve performance.

Leading companies have achieved successful results by focusing on:
- Rapid access to meaningful, insightful and relevant information
- Understanding your risk profile
- Shifting risk management focus to a cross-functional approach aligned to strategic risks and business performance measures
- Standardising and integrating Risk Management processes to enhance decision making and avoid unnecessary costs
- Embracing technology to execute processes effectively and efficiently
Questions for the C-suite

- Do you have a comprehensive risk vision and strategy?
- Have your risk vision and strategy addressed the three main risks: external, strategic and preventable?
- Does your board have confidence that you understand their risk vision and appetite?
- Have you established your risk appetite and tolerance for strategic risk events that could provide upward or downward potential to the business?
- Are you confident that there are no gaps in risk coverage and that they have visibility into how issues roll up and impact the strategic business risks?
- Do you have visibility into the risk coverage of the company?
- Are you confident that risk responses and compliance activities are optimised across the organisation?
- Do you effectively leverage GRC technology to support your GRC program?

If the answer to any of these questions is no, it is time to take action.
Further information

To see the full report, "Improve your business performance: Transform your governance, risk and compliance program", visit www.ey.com/transformgrc

For further Risk thought leadership, please refer to our Insights on governance, risk and compliance series at www.ey.com/grcinsights

Owen Purcell
Owen.purcell@uk.ey.com
+44 7968 158865
Thank you
EY
Assurance | Tax | Transactions | Advisory

About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organisation, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organisation, please visit ey.com.

About EY's Advisory Services
Improving business performance while managing risk is an increasingly complex business challenge. Whether your focus is on broad business transformation or more specifically on achieving growth, optimising or protecting your business, having the right advisors on your side can make all the difference. Our 30,000 advisory professionals form one of the broadest global advisory networks of any professional organisation, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and exceptional client service. We use proven, integrated methodologies to help you solve your most challenging business problems, deliver a strong performance in complex market conditions and build sustainable stakeholder confidence for the longer term. We understand that you need services that are adapted to your industry issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where your strategy and change initiatives are delivering the value your business needs.